Bug #4787

User having WRITE permission couldn't update a document

Added by Jing Tao over 12 years ago. Updated over 12 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


I think i reproduced the bug Jim mentioned:

A user having WRITE permission couldn't update a document.

Here are steps I did:
1. Create a simple document under user uid=jing. This document gives "READ+WRITE" permission to user uid=tao.
2. Save the document to metacat dev server as jing.4.1
3. Switch to another profile which has uid=tao.
4. Search online to find jing.4.1 and open it.
5. Make minor change on its title.
6. Save it to metacat and get the error:
<error>User tried to update an access module when they don't have "ALL" permission!</error>

I did another test:
All conditions are same except giving uid=tao "ALL" permission rather than "READ+WRITE" permission. This time, the updated document by uid=tao can be sent to metacat successfully.

It seems metacat doesn't handle a user's update action correctly, who only has "READ+WRITE" permission.


#1 Updated by Matt Jones over 12 years ago

This might be a regression due to recent access control handling changes. From my fuzzy memory, I seem to remember that we used to have some logic in the code that would check to see if an EML document was being updated whether there were changes to the access rules -- if not, then only write permission was needed for the update, but if access changes then ALL permission or ChangePermission permission would be needed. Maybe now we are failing to detect the case of an EML document being updated without changes to its access rules?

#2 Updated by Michael Daigle over 12 years ago

There was a white space issue when comparing database access rules to doc access rules. Trimmed the values before comparing and it works now.

#3 Updated by Redmine Admin over 9 years ago

Original Bugzilla ID was 4787

Also available in: Atom PDF